There is a telling lack of consumer-protection laws regarding data leaks and breaches. Compare this with the Android flashlight-dataseller case [1], and you see that companies perceive the data you produce as rightfully theirs to do whatever they want with, except that which is legislatively protected (and even then...).
What's the solution? We hate regulation as an industry, but if I were outside the industry, seeing these data breaches over and over again would seem to imply a need for regulation. Looking at PCI and HIPAA, as two examples, it doesn't seem like data protection legislation would be super successful. Any thoughts on that?
How about not requiring personal data when it isn't necessary anyway, and removing it as soon as it isn't necessary anymore? If I buy a LaCie drive in a brick-and-mortar store and I pay with cash, there is exactly none of my personal data there to be stolen. I don't see why this shouldn't apply to my online purchases. In fact, I'm quite annoyed that it doesn't apply at all.
There's a middle ground where custodial responsibilities are legislated, where the customer retains property rights in the information collected by the company and thus provides a cause of action if the company fucks up.
The minor inconvenience of re-entering my shipping data every time clearly outweighs the possibility that some crime syndicate gets their hands on my personal data. At least for me. I would appreciate at least having the option to not create an account when I make a purchase. I've seen too many data breaches to have much confidence in the security of the majority of webshops. The only secure safeguard against theft of personal information is to not have it stored in the first place.
Certainly HIPAA is far more trouble, and every example I can think of, of regulation being passed in haste in response to a witch hunt, has been awful. I'm thinking of stuff like Sarbanes-Oxley or Dodd-Frank. Neither of these did much in terms of their stated goals, but they have created a bunch of problems as unintended consequences.
We hear about new attacks and vulnerabilities, more credit card numbers stolen, more personal information stolen, on a weekly basis. I think we're past the point of accusing legislators of acting in a reactionary manner to an isolated incident or two should the proposition of regulation be put forward.
I don't understand. The data was leaked from March 27, 2013 to March 10, 2014, but LaCie didn't know that was happening. They found out on March 19, 2014 when the FBI told them about it. I don't see how you infer from this mis-ordered priorities for fixing the site.
1. http://bgr.com/2014/04/14/brightest-flashlight-app-scam-sett...